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REMARKS 

Claims 1-15 and 17-30 were pending prior to amendment. 
Please cancel claims 27-30, without prejudice or disclaimer. 
Claims 1-15 and 17-26 are currently pending. 

Claims 1-15 and 17-26 stand rejected as allegedly being 
unpatentable in view of UK Published Patent Application No. GB 
2,317,792 A to Minear et al . ('Minear 7 ') . 

In view of the amendments and remarks herein, the 
rejections are respectfully traversed. Reconsideration and 
allowance are respectfully requested. 

Claim 1 

Claim 1 has been amended to further emphasize patentable 
aspects of the disclosure. Claim 1 is patentable over Minear at 
least because Minear neither teaches nor suggests a first 
classifying forwarding element and separate decrypting 
forwarding element , as recited in claim 1 . 

Instead, Minear teaches that classifying and decrypting 

functionality is performed within firewall IB. For example, 

page 7 lines 14-18 teaches that: 

When a datagram is received form unprotected 
network 16 or is to be transmitted to a 
destination across unprotected network 16, 
the firewall must be able to determine the 
algorithms, keys, etc, that must be used to 
process the datagram correctly. In one 
embodiment, this information is obtained via 
a security association lookup. 
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That is, Minear' s firewall both classifies the packet and 
decrypts the packet, 

Further, there is no motivation in the cited references to 
use separate classifying forwarding elements and decrypting 
forwarding elements. The motivation to do so lies entirely 
within the current disclosure. 

In the current disclosure, a first classifying forwarding 
element separate from one or more decrypting forwarding elements 
allow for efficient packet processing, by allowing decryption to 
be offloaded. Ag shown in FIG. 2, a separate classifying 
forwarding element may perform functions such as load balancing 
and the like. Since the classifying forwarding element need not 
decrypt IPsec packets to perform classification functions, the 
classifying forwarding element may perform them efficiently, 
prior to decryption. 

As noted above, Minear neither teaches nor suggests 
separate classifying and decrypting forwarding elements. 
Further, it would not have been obvious to modify Minear to 
include such a feature. Minear describes its invention as 
follows: 

,,the method comprising the steps of 
determining, at the IP layer, if a message 
is encrypted, if the message is not 
encrypted, passing the unencrypted message 
up the network protocol stack to an 
application level proxy, and if the message 
is encrypted, decrypting the message and 
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passing the decrypted message up the network 
protocol Btack to the application level 
proxy, where the step of decrypting the 
message includes the step of executing a 
procedure at the IP layer to decrypt the 
message , 

Thus, classified messages are either passed directly up the 
network protocol stack to the application level proxy, or passegi 
to the application level proxy via the decryption engines of 
Minear. In order to separate classification and decryption (so 
that, e.g., load balancing may be performed prior to 
decryption) , substantial changes would need to be made to the 
system of Minear. Thus, it would not have been obvious to 
modify Minear to include the features of claim 1. 

For at least the above reasons, claim 1 is patentable over 
Minear, 

Claim 1 is further patentable because Minear neither 
teaches nor suggests w if said classification parameter is not 
available, and the IPsec traffic is encrypted then decrypting 
traffic in a decrypting forwarding element separate from the 
first classifying forwarding element after said traffic has 
passed through said classifying forwarding element," as recited 
in claim 1 . 

Instead, Minear teaches that "in one embodiment, if 
firewall 18 receives datagrams which are identified as either an 
IP_PROTO_IPSEC_ESP or I P_PROTO_I PSEC_AH protocol datagram, there 
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must be a corresponding SA in the SADB or else firewall 18 will 
drop the packet and an audit message will be generated," 
(Please see page 8, lines 18-23 of Minear) , That is, if the 
classification information is not available, the packet will be 
dropped rather than decrypted. 

For at least this additional reason, claim 1 is patentable 
over Minear. 

Claims 2-5 

Claims 2-5 depend from claim l, and are therefore 
patentable for at least the same reasons as stated above with 
respect to claim 1 . 

Claims 6-10 

Claim 6 includes features similar to those discussed above 
with respect to claim l, and is therefore patentable for similar 
reasons. Claims 7-10 depend from claim 6, and are therefore 
patentable for at least the same reasons . 

Claims 11-15 and 17-26 

Claim 11 includes features similar to those discussed above 
with respect to claim 1, and is therefore patentable for similar 
reasons. Claims 12-15 and 17-26 depend from claim 11, and are 
therefore patentable for at least the same reasons. 

CONCLUSION 

It is believed that all of the pending claims have been 
addressed in this paper. However, failure to address a specific 
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rejection, issue, or comment, does not signify agreement with or 
concession of that rejection, issue or comment. In addition, 
because the arguments made above are not intended to be 
exhaustive, there may be reasons for patentability of any or all 
pending claims (or other claims) that have not been expressed. 
Finally, nothing in this paper should be construed as an intent 
to concede any issue with regard to any claim, except as 
specifically stated in this paper, and the amendment of any 
claim does not necessarily signify concession of unpatentability 
of the claim prior to its amendment . 

Claims 1-15 and 17-26 are in condition for allowance, and a 
notice to that effect is respectfully solicited. If the Examiner 
haB any questions regarding this response, the Examiner is 
invited to telephone the undersigned at (858) 678-4311. 

No fees are believed due . Please apply any other charges 
or credits to Deposit Account No. 06-1050, 

Respectfully submitted, 



Date: 



12/30/04 



Pish & Richardson p.C, 

PTO Customer Number: 20985 

12390 El Camino Real 

San Diego, CA 92130 

Telephone: (85B) 678-5070 

Facsimile: (858) 678-5099 

104470B2.doc 




jinda G. Gunderson 
Reg. No. 46,341 

Attorney for Intel Corporation 
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